Malicious attacks on personal and corporate computer systems continue to rise worldwide, as various actors and groups increase the sophistication and scale of their efforts. In this post Dr. Chris DenHeijer, CSU Global lead faculty for management information systems and business analytics, shares his tips for protecting your system.

Ransomware 2017: WannaCry

A large-scale viral ransomware cyberattack called WannaCry has made headlines recently for hitting 150 different countries and infecting tens of thousands of computers. This is one of the biggest cyberattacks in recent years and is known as a zero-day attack. A zero-day attack exploits a vulnerability in software that was previously unknown. The attackers are taking advantage of a new software vulnerability. Some of the countries hit by this attack include China, Germany, Japan, Russia, Spain, the United Kingdom, India and the United States.

In this case, the zero-day exploit used the WannaCry ransomware as the malware trigger. Ransomware encrypts the victim’s data and holds it hostage. For corporations, this can mean a complete shutdown of the business until the data is retrieved. Usually the victim of the ransomware attack is forced to pay the ransom using bitcoins, making it difficult for law enforcement to trace. After payment, the victim gets a key to decrypt the data (or at least they hope they do after paying the ransom).

In addition to the first attack, there are usually copycat attacks mirroring the original, using different variants of the same malware. This malware uses different attack vectors to propagate. Email is one of the favorite ways that hackers like to spread their malware. Be very careful when opening an email attachment, or any email with a link to an external website or file. If the link or attachment is something you do not really want to see, do not open it. Play it safe and delete the email. If you are unsure, call the originator of the email and verify that they sent it.
Protect Your System:

Make sure your system is updated with the latest patches. Verify that the antivirus you use has been updated as well. Also, keep a list of the license keys for your software. Most importantly, back up your data. If you are a victim of this type of attack, you are better off reloading your system and restoring the data from your backup. Even if you can decrypt your data, there is no guarantee that no residual malware, such as rootkits or backdoors, remains.

Here are a few free online antivirus scanners:

● Trend Micro HouseCall
● ESET Online Scanner

If you see this screenshot, your system is infected:
decryption screenshot
Graphic from: https://www.theverge.com/2017/5/14/15637888/authorities-wannacry-ransomware-attack-spread-150-countries